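# WireGuard network configuration for this host.
#
# Declares one interface `wg0` with a fixed listen port, a private key
# generated on the host, and a single static peer. DNS is pinned to explicit
# nameservers and the automatic resolver management of dhcpcd / NetworkManager
# is switched off so the resolvers set here are not overwritten.
#
# `config.wg.ip` is declared in ./wg-options.nix (imported below).
{ config, ... }:

{
  imports = [
    ./wg-options.nix
  ];

  # Accept incoming WireGuard datagrams on the port that wg0 listens on
  # (see `listenPort` below); the two values must stay in sync.
  networking.firewall = {
    allowedUDPPorts = [ 51820 ];
  };

  networking = {
    # Static resolvers. These addresses are outside the peer's allowedIPs
    # (192.168.32.0/24), so queries leave via the regular uplink, not the
    # tunnel. NOTE(review): confirm that is intended.
    nameservers = [
      "1.1.1.1"
      "1.0.0.1"
    ];

    # disable auto resolving: keep dhcpcd and NetworkManager from replacing
    # the resolvers above with lease-provided ones.
    dhcpcd.extraConfig = "nohook resolv.conf";
    networkmanager.dns = "none";
  };

  networking.resolvconf.extraOptions = [
    "timeout: 2"
  ];

  networking.wireguard.interfaces = {
    wg0 = {
      # Host address inside the tunnel, taken from the wg.ip option.
      ips = [ "${config.wg.ip}/32" ];
      listenPort = 51820;

      # The private key is created at this path on first activation if it
      # does not exist yet, so no key material has to live in the config.
      generatePrivateKeyFile = true;
      privateKeyFile = "/etc/wireguard/pk.pem";

      peers = [
        {
          publicKey = "ZOVjmgUak67kLhNVgZwyb0bro3Yi4vCJbGArv+35IWQ=";
          endpoint = "78.46.201.50:51820";

          # The ip is not refreshed, as the kernel cannot perform DNS resolution. Use dynamicEndpointRefreshSeconds,
          # in case the ip is refreshed often. If not, sync after refresh should be alright.
          # Only this subnet is routed to the peer, and only packets with a
          # source inside it are accepted from the peer (cryptokey routing).
          allowedIPs = [ "192.168.32.0/24" ];
          persistentKeepalive = 25;
        }
      ];
    };
  };
}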